1.1.1 • Published 8 months ago

@rio-cloud/rio-license-checker v1.1.1

License
Apache-2.0
Repository
bitbucket

rio-license-checker

Easy-to-use tool to run a license check according to the RIO guidelines.

It does the following:

  • download the latest version of the RIO license whitelist for the given project type from the central RIO license S3 bucket
  • run a 3rd party license checker tool to crawl the licenses of the project in the given directory (or ., if not specified)
  • compare the licenses found with the RIO whitelist
    • if a license is found that is not in the whitelist: fail with nonzero exit code
    • if all licenses are compliant: upload a license report to the central RIO license S3 bucket (only if the --upload flag is set)

None of this is really new: it is meant to be a testable, maintainable drop-in replacement for the code snippets and scripts we currently copy-paste from one repo to another.

Currently supports:

  • npm frontend projects
  • npm backend projects
  • gradle projects

License Check Implementation

npm

  • The underlying license checker tool is license-checker-rseidelsohn.
  • The license checker generates a report and compares the licenses to the passed whitelist.
  • The application's own package is automatically excluded from the report, as it (usually) does not have a license.
  • For testability reasons, we cannot use the programmatic interface of the tool. Instead, we call it as a subprocess via zx.
  • You can exclude dependencies by creating an oss-licenses-ignore-packages.txt file in the project directory.
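The comparison step for npm projects, sketched as an added example (this is not the rio-license-checker source). It assumes a license-checker-style JSON report (keys of the form name@version, each with a licenses field), a whitelist given as an array of SPDX identifiers, and one package name per line in oss-licenses-ignore-packages.txt; the fail-closed treatment of guessed, UNKNOWN and AND expressions is a policy choice of this example.

```javascript
// Report keys look like "name@version"; scoped names start with "@".
function packageName(key) {
  const at = key.lastIndexOf('@');
  return at > 0 ? key.slice(0, at) : key;
}

// Policy assumed by this example: a pure "A OR B" expression passes if any
// alternative is allowed; expressions containing AND need every identifier
// allowed; guessed ("MIT*"), empty and UNKNOWN values fail closed.
function licenseAllowed(expr, allowed) {
  const text = String(expr).trim();
  if (text === '' || text.includes('*') || /^unknown$/i.test(text)) return false;
  const ids = text.replace(/[()]/g, ' ').split(/\s+(?:AND|OR)\s+/)
    .map((s) => s.trim()).filter(Boolean);
  const ok = (id) => allowed.has(id);
  return ids.length > 0 && (/\sAND\s/.test(text) ? ids.every(ok) : ids.some(ok));
}

// Returns the packages whose license is not covered by the allow-list.
function checkReport(report, allowList, ownPackage, ignoreFileText = '') {
  const allowed = new Set(allowList);
  const ignored = new Set(ignoreFileText.split(/\r?\n/).map((l) => l.trim()).filter(Boolean));
  ignored.add(ownPackage); // the application's own package is excluded
  const violations = [];
  for (const [key, info] of Object.entries(report)) {
    if (ignored.has(packageName(key))) continue;
    const exprs = [].concat(info.licenses ?? 'UNKNOWN'); // string or array
    if (exprs.length === 0 || !exprs.every((e) => licenseAllowed(e, allowed))) {
      violations.push({ package: key, licenses: exprs.join(', ') });
    }
  }
  return violations;
}

// Constructed sample report (hypothetical package names).
const SAMPLE_REPORT = {
  'example-service@1.0.0': { licenses: 'UNLICENSED' },
  '@example/ui-kit@2.3.1': { licenses: 'Apache-2.0' },
  'either-lib@1.3.0': { licenses: '(MIT OR GPL-3.0-only)' },
  'both-lib@0.4.0': { licenses: '(MIT AND GPL-3.0-only)' },
  'guessed-lib@0.1.0': { licenses: 'MIT*' },
  'internal-tool@5.0.0': { licenses: 'UNKNOWN' },
};
const found = checkReport(SAMPLE_REPORT, ['MIT', 'Apache-2.0'], 'example-service', 'internal-tool\n');
console.log(found); // a CI wrapper would exit non-zero when this list is non-empty
```

Every name in oss-licenses-ignore-packages.txt bypasses the check entirely, so changes to that file deserve the same review as changes to the whitelist.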

gradle

  • The underlying license report tool is hierynomus/license-gradle-plugin.
  • You need to include & configure the plugin in your build.gradle.kts.
  • The output of the plugin is compared with the whitelist programmatically (as we used to do in the build.gradle.kts).
  • For subprojects, you need a separate invocation of the license checker, where the directory points to the subproject.
    • Currently, only subprojects directly below the root project are supported (limited by where the checker looks for the gradle wrapper).
    • When doing so, take care to specify a different service name to prevent overwriting the license report of the root project.
    • Please see below for an example.

npx @rio-cloud/rio-license-checker -a rio-example -s example-service -t gradle
npx @rio-cloud/rio-license-checker -a rio-example -s example-service_sub-project -t gradle -d ./sub-project

Usage

Show usage

npx @rio-cloud/rio-license-checker -h

Run the license check for a project. Requires AWS credentials (RIO developer role), e.g. via AWS_PROFILE=....

npx @rio-cloud/rio-license-checker -a rio-example -s example-service -t npm-frontend --verbose